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REMARKS 

In the Office Action mailed January 23, 2009 the Office 
noted that claims 1-21 were pending and rejected claims 1-21. 
Claims 1-21 have been amended, no claims have been canceled, and, 
thus, in view of the foregoing claims 1-21 remain pending for 
reconsideration which is requested. No new matter has been 
added. The Office's rejections and objections are traversed 
below. 

REJECTIONS under 35 U.S.C. § 102 
Claims 1-21 stand rejected under 35 U.S.C. § 102(e) as 
being anticipated by Ellison, U.S. Patent No. 7,082,615. The 
Applicants respectfully disagree and traverse the rejection with 
an argument and amendment. 

Allison discusses a system and a method for protecting 
software environment in isolated execution. According to the 
disclosed system, the execution environment comprises two modes 
of operation: a normal execution mode and an isolated execution 
mode. An isolated area of the memory is used in the isolated 
execution mode. It is accessible only to elements operating in 
the isolated execution mode, via specific functionalities and a 
processor nub loader that operates only in the isolated execution 
mode. Any access to the isolated area of the memory aborts when 
the access does not have the isolated access mode asserted. 
Therefore, the isolated area of the memory is accessible only via 
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specific functionalities of the isolated execution mode. 

As a consequence, Allison does not disclose the 
invention as claimed that concerns automatic validation of a 
computer program able to access secure memory and non-secure 
memory, using an encryption function and a decryption function, 
comprising the steps of controlling that any function adapted to 
read data from the secure memory and to produce data in the non- 
secure memory is an encryption function and that any data 
produced by the decryption function is stored in said secure 
memory . 

Furthermore, in view of the architecture as disclosed 
in Allison where two different execution modes are used, the 
claimed invention seems not to be obviously derivable from the 
teaching of this discloser. According to Allison an application 
is executed in the normal execution mode or in the isolated 
execution mode. In reason of the specific functionalities of the 
isolated execution mode, in particular to access the isolated 
area of the memory, an application that is executed in the normal 
execution mode cannot access the isolated area of the memory. 
Thus, due to the distinct execution modes, it is not requested to 
validate automatically an application able to access secure 
memory and non secure memory. As a consequence, the problem 
solved in the claimed invention does not make sense in the system 
disclosed by Allison. Furthermore, it is observed that the 
claimed controlling steps are not disclosed. 
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On page 3 of the Office Action, it is asserted that 
Ellison col. 6, line 44 through col. 7, line 27 discloses "any 
function adapted to read data from said secure memory (MS) and to 
produce data in said non-secure memory (MNS) is an encryption 
function; and any data produced by said decryption function is 
stored in said secure memory (MS)," as in claim 1. 

However, Ellison col. 6, line 44 through col. 7, line 
27 merely discusses how an applet executes within the context of 
the isolated area. In contrast, it appears that the only time 
the pages in the isolated area are encrypted is when they are 
going to be purged, not when in use. For example, consider 
Ellison col. 3, line 62 through col. 4, line 7 which states 



The operating system nub 16 may choose to support 
paging of data between the isolated area and ordinary 
(e.g., non-isolated) memory. If so, then the operating 
system nub 16 is also responsible for encrypting and 
hashing the isolated area pages before evicting the 
page to the ordinary memory, and for checking the page 
contents upon restoration of the page. The isolated 
mode applets 46. sub. 1 to 46. sub. K and their data are 
tamper-resistant and monitor-resistant from all 
software attacks from other applets, as well as from 
non-isolated-space applications (e.g., 42. sub. 1 to 
42. sub. N), dynamic link libraries (DLLs), drivers and 
even the primary operating system 12 . Only the 
processor nub 18 or the operating system nub 16 can 
interfere with or monitor the applet's execution. 
[Emphasis added] 

Thus, if the pages must be encrypted before eviction, they are 
not encrypted while being worked on by the applet. Thus, it 
cannot be said that Ellison disclose any function adapted to read 
data from said secure memory (MS) and to produce data in said 
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non-secure memory (MNS) is an encryption function. Why would 
Ellison require an encryption/decryption function as the contents 
of the memory when active are not encrypted. 

Claim 19 recites similar features. For at least the 
reasons discussed above, claim 1 and 19 and the claims dependent 
therefrom are not anticipated by Ellison. 

On page 5 of the Office Action, it is asserted that 
Ellison, col. 6, line 44 through col. 7, line 27; col. 8, lines 
47-65; and col. 9, lines 6-24 disclose "a verification step 
(E340) conforming to claim 1 is executed before the execution 
(E420) of each function of said program," as in claim 1. 

However, Ellison, col. 6, lines 49-56 states 

The processor nub loader 52 is invoked by execution of 
an appropriate isolated instruction (e.g., Iso_Init) 
and is transferred to the isolated area 70. From the 
isolated area 80, the processor nub loader 52 copies 
the processor nub 18 from the system flash memory 
(e.g., the processor nub code 18 in non-volatile memory 
160) into the isolated area 70, verifies and logs its 
integrity, and manages a symmetric key used to protect 
the processor nub's secrets. [Emphasis added] 

Thus, Ellison discloses that it verifies the entire program when 

it copies it. Not as the claim requires, verifying each function 

just prior to execution. 

Withdrawal of the rejections is respectfully requested. 

SUMMARY 

It is submitted that the claims satisfy the 
requirements of 35 U.S.C. § 102. It is also submitted that 
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claims 1-21 continue to be allowable. It is further submitted 
that the claims are not taught, disclosed or suggested by the 
prior art. The claims are therefore in a condition suitable for 
allowance. An early Notice of Allowance is requested. 

The Commissioner is hereby authorized in this, 
concurrent, and future replies, to charge payment or credit any 
overpayment to Deposit Account No. 25-0120 for any additional 
fees required under 37 C.F.R. § 1.16 or under 37 C.F.R. § 1.17. 

Respectfully submitted, 

YOUNG & THOMPSON 



/James J. Livingston/ 

James J. Livingston, Jr. 
Reg. No. 55,394 
209 Madison St, Suite 500 
Alexandria, VA 22314 
Telephone (703) 521-2297 
Telefax (703) 685-0573 
JJL/fb (703) 979-4709 
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